CVE-2025-11230

Summary

Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON requests.

Affected Software

VendorProductVersion RangeStatus
HAProxy TechnologiesHAProxy Community Edition2.4.0 < 2.4.30affected
HAProxy TechnologiesHAProxy Community Edition2.6.0 < 2.6.23affected
HAProxy TechnologiesHAProxy Community Edition2.8.0 < 2.8.16affected
HAProxy TechnologiesHAProxy Community Edition3.0.0 < 3.0.12affected
HAProxy TechnologiesHAProxy Community Edition3.1.0 < 3.1.9affected
HAProxy TechnologiesHAProxy Community Edition3.2.0 < 3.2.6affected

Weaknesses

  • CWE-407: CWE-407 Inefficient Algorithmic Complexity

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References